Service-level agreements are crucial to ensure cloud providers meet expectations. A strong cloud SLA starts with answering five common questions.

Trust is one of the most important factors in any relationship. And that sentiment holds true in a cloud provider-user relationship, as well. When a cloud service provider guarantees a certain level of performance, the user needs to know those expectations will be met. That's where a service-level agreement comes into play.

Each cloud service provider has its own service-level agreement (SLA) that covers a range of service limits and guidelines around performance, availability, costs and more. An SLA might look good on paper, but a user should understand all the details to be satisfied with their service.

While reading every word of your SLA is a good start, you need to ask certain questions to ensure your requirements are met. Here are five common questions to sharpen your cloud computing SLA knowledge.

What is a cloud computing SLA?

Wouldn't it be nice if every purchase came with performance guarantees in writing? When it comes to purchasing cloud services, SLAs make that a reality. A cloud computing SLA is a contract between a cloud service provider and customer that dictates which services it will provide, performance levels, availability, costs, notifications, response time and more -- all in calculable terms. SLAs assure customers that their cloud service will meet certain benchmarks. For example, if your cloud SLA guarantees 99.9% uptime -- 43 minutes of downtime per month or eight hours and 46 minutes per year -- then your cloud provider is responsible for making sure your downtime never exceeds 0.1%. In some cases, providers offer credits for downtime that exceed SLA limits.

In addition to performance and availability, cloud SLAs can also cover security and compliance. The agreement lays out each party's responsibilities and what to expect in the event of an outage or security breach.

What should I look for before I agree to a cloud SLA?

Before you agree to your cloud SLA, you have to ask the right questions and know what to watch for. First, be sure to thoroughly read the contract. Otherwise, you'll lock yourself into unsatisfactory terms. Additionally, it's imperative to clearly state who maintains ownership of the data. Customers should also be aware of their data's geographic location, as some providers have data centers outside of the U.S. Remember, your data needs to be compliant with whatever regulations or standards apply to your business -- for example, HIPAA or PCI DSS.

A cloud SLA should have parameters for disaster recovery in the event of an outage. The agreement should state how data will be affected and the failover plan. To avoid monthly billing surprises, beware of all potential costs. In addition to mapping out acceptable performance and availability levels, your cloud computing SLA should include the resulting ramifications if terms of the agreement aren't met.

How much downtime is too much?

No matter the IT service, downtime is inevitable. It's impossible to completely avoid outages, but a cloud SLA should include the acceptable amount of downtime for each service. But what is an acceptable amount? That depends on your business needs.

Obviously, all cloud customers would love to have five nines availability for their services. Most cloud providers offer at least 99.9% availability. For example, Amazon Web Services Elastic Compute Cloud and Microsoft Azure both offer 99.95% availability. However, it's important to understand how providers measure downtime. In some cases, customers are forced to prove downtime to their cloud service providers. Make your availability requirements clear in your SLA. If you need your services during a specific timeframe, make sure that's specified in the agreement. Additionally, enterprises must ensure a backup and disaster recovery plan is in place.

What if my provider isn't meeting the SLA expectations? And how do I know?

What good is a cloud contract if your provider isn't holding up its end of the bargain? If a provider does not meet the expectations set in the cloud SLA, there needs to be penalties. These can range from financial ramifications to early termination. Negotiate your SLA to include potential provider infractions, along with their respective penalties. Most providers offer credits for downtime, but they don't always suffice for lost business.

To enforce your cloud SLA, you need to monitor your provider's performance. Management tools and APIs are available to monitor your application or service's performance, but it's still important to document all issues. Effective communication between customers and cloud providers is paramount to a solid cloud computing SLA.

What about compliance? What regulations do I need to meet?

While cloud regulations and standards are constantly changing, the need to remain compliant remains critical. Before choosing a cloud provider and agreeing to an SLA, customers need to know how each provider handles compliance for their businesses' specific regulations.

If you are in the healthcare industry, you need to be aware of HIPAA regulations. For retail and other organizations that deal with credit card holders, PCI DSS requires credit card data be restricted. Additionally, consider location-specific regulations, since standards vary between states and other countries.

Compliance does not guarantee cloud security. Who is responsible for cloud security? Make sure your SLA includes the necessary security precautions, such as encryption and other tools, as well as the provider's resiliency in the event of a breach.

Nicholas Rando is assistant site editor for SearchCloudComputing. You can reach him at nrando@techtarget.com.

Join the conversation

2 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Your password has been sent to:

Please create a username to comment.

Beyond the conventional metrics of an SLA, we must be able to monitor and control performance at the platform layer. We can hold our provider accountable for security, availability and application performance. These requirements can be measured and failure easily detected. The real challenge with the cloud is the technology underlying the delivery of these services is much more advanced and complex. Our ability to see into the cloud, meter the performance being delivered at the platform level and know the true cost of the service is limited by the tools we have. There is research that shows the same machines provisioned on the top three cloud service providers actually deliver different performance for the identical workload. Moreover, the variance occurs within providers! Without some form of indexing or benchmarks, we can easily be fooled into thinking we are getting the expected performance. There is an emerging new discipline, Platform Performance Management, which will become increasingly important when choosing or operating cloud hosted and internally hosted applications, as well. With tools in this space, we can be assured every instance in the cloud is operating at the peak level. Moreover, it allows us to take action independent of the cloud provider, to correct the problem by shedding the laggards, adding new instances and measuring performance again.